| | HTTP desync attacks: request smuggling reborn (portswigger.net) |
| 3 points by fanf2 30 days ago | past |
|
| | Cookie Chaos: How to bypass __Host and __Secure cookie prefixes (portswigger.net) |
| 2 points by todsacerdoti 88 days ago | past | 1 comment |
|
| | Inline Style Exfiltration: leaking data with chained CSS conditionals (portswigger.net) |
| 1 point by pentestercrab 3 months ago | past |
|
| | HTTP/1.1 must die: the desync endgame (portswigger.net) |
| 42 points by sprawl_ 3 months ago | past | 25 comments |
|
| | HTTP/2: The Sequel is Always Worse (portswigger.net) |
| 7 points by quicksilver03 3 months ago | past |
|
| | HTTP/1.1 must die: the desync endgame (portswigger.net) |
| 3 points by jsnell 3 months ago | past |
|
| | HTTP/1.1 must die: the desync endgame (portswigger.net) |
| 7 points by 882542F3884314B 3 months ago | past | 2 comments |
|
| | HTTP/1.1 must die: the desync endgame (portswigger.net) |
| 17 points by octagons 3 months ago | past | 2 comments |
|
| | Drag and Pwnd: Exploiting VS Code with ASCII (portswigger.net) |
| 1 point by albinowax_ 6 months ago | past |
|
| | Welcome to the next generation of Burp Suite: elevate your testing with Burp AI (portswigger.net) |
| 2 points by thomas34298 8 months ago | past |
|
| | PESDv2 – diagram Burp traffic instantly with customizable Markdown/themes (portswigger.net) |
| 1 point by tony-ds 9 months ago | past |
|
| | Top web hacking techniques of 2024 (portswigger.net) |
| 3 points by chillax 9 months ago | past |
|
| | Splitting the email atom: exploiting parsers to bypass access controls (2024) (portswigger.net) |
| 1 point by frizlab 10 months ago | past |
|
| | Stealing HttpOnly cookies with the cookie sandwich technique (portswigger.net) |
| 6 points by chillax 10 months ago | past |
|
| | Listen to the whispers: web timing attacks that work (portswigger.net) |
| 188 points by saikatsg on Nov 21, 2024 | past | 33 comments |
|
| | New Doyensec Prototype Pollution BurpSuite Extension (portswigger.net) |
| 2 points by tony-ds on Oct 24, 2024 | past |
|
| | Listen to the whispers: web timing attacks that work (portswigger.net) |
| 2 points by rrampage on Sept 25, 2024 | past |
|
| | Splitting the email atom: exploiting parsers to bypass access controls (portswigger.net) |
| 2 points by hackvertor on Sept 5, 2024 | past | 1 comment |
|
| | Listen to the whispers: web timing attacks that work (portswigger.net) |
| 5 points by dytir on Aug 8, 2024 | past |
|
| | Listen to the whispers: web timing attacks that work (portswigger.net) |
| 3 points by chillax on Aug 7, 2024 | past |
|
| | SignSaboteur: forge signed web tokens with ease (portswigger.net) |
| 2 points by jdmark on May 23, 2024 | past |
|
| | HTTP/2 desync attacks. (2021) (portswigger.net) |
| 1 point by fanf2 on April 3, 2024 | past |
|
| | uBlock, I exfiltrate: exploiting ad blockers with CSS (2021) (portswigger.net) |
| 3 points by ReadCarlBarks on March 29, 2024 | past |
|
| | Blind CSS Exfiltration: exfiltrate unknown web pages (portswigger.net) |
| 2 points by pentestercrab on Jan 29, 2024 | past |
|
| | Web LLM Attacks (portswigger.net) |
| 1 point by beny23 on Jan 16, 2024 | past |
|
| | Top web hacking techniques of 2023 – nominations open (portswigger.net) |
| 1 point by celesian on Jan 10, 2024 | past |
|
| | Implementing Tic Tac Toe with 170mb of HTML – No JavaScript or CSS (portswigger.net) |
| 31 points by fagnerbrack on Nov 14, 2023 | past | 31 comments |
|
| | Implementing Tic Tac Toe with 170mb of HTML – No JavaScript or CSS (portswigger.net) |
| 13 points by thunderbong on Nov 11, 2023 | past | 5 comments |
|
| | Implementing Tic Tac Toe with 170mb of HTML – No JavaScript or CSS (portswigger.net) |
| 2 points by smusamashah on Nov 10, 2023 | past |
|
| | Implementing Tic Tac Toe with 170mb of HTML – No JavaScript or CSS (portswigger.net) |
| 2 points by thunderbong on Nov 9, 2023 | past |
|
|
| More |
